LuxSci as SMTP Relay for Gmail = LuxSci Encryption for Google

Gmail and Google Apps users can route their outbound email through LuxSci to take advantage of SecureLine email encryption, which enables HIPAA compliant sent messages, plus LuxSci’s extensive outbound email management tools. If you prefer the Google interface or need to use it for some reason, but require encryption and/or compliance, you can meet your needs by adding on LuxSci.

What Google Doesn’t Provide

If you subscribe to regular Gmail, or even to Google Apps with Google’s version of “HIPAA Compliance”, you don’t get email encryption as part of the deal. In fact, with “HIPAA Compliant” Google Apps, sending email is not compliant unless you separately purchase a very expensive email encryption option from Google (which they don’t even tell you about), or use a third-party HIPAA compliance solution to encrypt your outbound email. See: Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price.

LuxSci as a Third-Party Solution

Google Apps and Gmail users can configure their Google accounts to use a third party “SMTP Relay”. Once set up, all email messages sent from addresses so-configured are routed from Google to the third party’s email server (e.g. LuxSci in this case). To LuxSci, it looks like you have connected securely from some email program to send outbound email. It just so happens that the “email program” in this case is Google.

Once LuxSci authenticates you and receives the message, it performs all of the usual outbound email processing tasks that have been set up for your LuxSci account. These could include:

Outbound Email Filtering: Combined with our Premium Email Filtering, you can have outbound email scanned for viruses, content, and other unwanted features.

Archival: Archive copies of all outbound email for compliance and/or business purposes.

Tracking: LuxSci tracks the delivery status and properties for each message to each recipient. Once your email is relayed through LuxSci, you can view reports on this and/or have emailed digests sent to you to monitor your messages. This includes message sending failures, as well as Feedback Loops with ISPs.

Getting Set Up: Google Apps + LuxSci

Once your Google Apps account has been set up, your administrator should be sure that “Outbound Relaying” is permitted for the account users.

Next, purchase a LuxSci email account. Click here to Order. Choose from one of these account types:

Email + Web Hosting: Regular email and outbound email for use if your users do not need to send more than 300 email messages/day (each message can have multiple recipients; not for use with email marketing or bulk email).

High Volume: Basic: Used only for email marketing needs where you need to send a lot of email, but it doesn’t require encryption or other special processing.

High Volume: Premium: Used for business email when you need to send arbitrarily large numbers of messages and for transactional/marketing email that requires encryption or other special handling.

Add the features and settings that you need, such as:

HIPAA compliance

Email archival

SecureLine email encryption

A number of users equal to the number of people that will be relaying through LuxSci from Google

Specify the domain name(s) for the email address(es) that these people will be using for relaying through LuxSci

Once your LuxSci account has been set up and the users created, your individual Google users can add this as a new account in their Gmail interface.

To set up an outbound relay at Gmail through LuxSci:

If you are using Google Apps, then Email Relaying is disabled by default. You must first enable it. To do so, please follow these instructions.

From the Gmail interface, click on the dropdown menu with the gear icon in the top-right of the screen, and select “Settings”.

Select the “Accounts” tab.

For an existing address, click on “edit info”.

For a new address:

In the “Send mail as” section, click on the link that says “Add another email address you own”.

On the next screen, change the radio option to “Send through mydomain.com SMTP servers”. A hidden section will open where you can authenticate to that SMTP server.

Enter the LuxSci SMTP server associated with your account into the “SMTP Server” field.

Change the port to 587.

Enter your LuxSci username (e.g. me@mydomain.com) and your password.

Change the radio option at the bottom to “Secured connection using TLS”.

Press the “Add Account” button. Gmail will take a moment to verify your credentials and the connection to the server.

Once the initial verification is complete, the popup window will bring you to a final confirmation screen. At the same time, Gmail will send a confirmation code via email to your LuxSci address. You can either click on the link in the email to perform the final confirmation, or you can paste the verification code in the email into the field in the Gmail popup window.

Once you’ve added and confirmed your LuxSci SMTP account, you will be able to select me@mydomain.com as the From address of messages you compose in Gmail. Any message sent using this From address will automatically be relayed through your LuxSci secure SMTP server. You can read this help online, with specific settings filled in for your account here.

Things to Watch Out For!

SPF Records: Google likes you to add SPF records for your domain to validate which servers are allowed to send email for your domain. If you use LuxSci as described here, you will need to add LuxSci to your SPF record as well. Simply add “include:luxsci.com” inside of your existing SPF records, and you will be all set.
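One way to check a domain's published TXT records before and after this change, as an added example (not LuxSci's or Google's code). The sample record set is constructed, and the lookup count covers only top-level terms because nothing is resolved over the network.

```python
import re

LUXSCI_INCLUDE = "include:luxsci.com"  # the term the text above says to add
# Terms that each cost a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_RE = re.compile(
    r"^[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))", re.I)
ALL_RE = re.compile(r"^[+\-~?]?all$", re.I)

def spf_records(txt_records):
    """Keep only the TXT strings that are SPF version 1 records."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]

def lookup_terms(record):
    """Top-level terms that trigger a DNS lookup (nested includes not counted)."""
    return [t for t in record.split()[1:] if LOOKUP_RE.match(t)]

def add_luxsci(record):
    """Return the record with the LuxSci include placed before the 'all' term."""
    terms = record.split()
    if LUXSCI_INCLUDE in (t.lower().lstrip("+") for t in terms):
        return record  # already present, nothing to change
    pos = next((i for i, t in enumerate(terms) if ALL_RE.match(t)), len(terms))
    return " ".join(terms[:pos] + [LUXSCI_INCLUDE] + terms[pos:])

def review(txt_records):
    """Return (findings, proposed_record) for a domain's TXT record set."""
    spf = spf_records(txt_records)
    if not spf:
        return ["no SPF record published"], None
    if len(spf) > 1:
        # More than one SPF record makes receivers return a permanent error.
        return ["multiple SPF records published"], None
    findings = []
    fixed = add_luxsci(spf[0])
    if fixed != spf[0]:
        findings.append("missing " + LUXSCI_INCLUDE)
    if len(lookup_terms(fixed)) > 10:
        findings.append("more than 10 DNS-lookup terms")
    return findings, fixed

# Constructed sample: a domain that so far authorizes only Google.
SAMPLE_TXT = ["google-site-verification=constructed-token",
              "v=spf1 include:_spf.google.com ~all"]

if __name__ == "__main__":
    print(review(SAMPLE_TXT))
```

Placing the include before the `all` term matters because SPF evaluation stops at the first matching mechanism, so anything after `all` is never reached.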

Google Apps allows administrators to restrict users from using this outbound relaying feature; however, it provides no way for administrators to enforce this outbound relay, or configure the relay on an account-wide basis. Administrators who wish to use a third party SMTP Relay must be sure that each user sets up the relay individually in his/her own Gmail account. This is especially important for HIPAA compliance, as a misconfigured or unconfigured account can result in ePHI leakage, lack of archival, and lack of compliance. Administrators should also be aware that Google provides no way to prevent users from editing or removing relaying settings at a later date, thus breaking or interrupting encryption or archival (maybe to send that one email they don’t want their boss to know about).

Google really provides very little administrative control to assist in assuring that compliance is properly met. So, if you go this route (rather than getting email services directly from LuxSci, for example), be sure to cover all of this in your HIPAA training and internal security requirements so that your employees know exactly what they should and should not do. Also, institute some means of reviewing each user’s individual Google login to be sure that the settings meet your internal guidelines. This kind of review should be periodic, and even better, somewhat random (like a drug test).
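A sketch of the periodic review described above, as an added example rather than a LuxSci or Google tool. It assumes each user's “Send mail as” settings have been exported in the shape of the Gmail API's sendAs resource (`sendAsEmail`, `smtpMsa.host`, `smtpMsa.port`, `smtpMsa.securityMode`); the relay hostname is a placeholder and the sample export is constructed.

```python
# Expected relay settings. The host is a placeholder for the LuxSci SMTP
# server assigned to your account; the port comes from the setup steps.
REQUIRED = {
    "host": "smtp.relay.example",
    "port": 587,
    "securityMode": "starttls",  # assumed API value for the TLS option
}

def audit_user(user, entries, relayed_domains):
    """Return (user, address, problem) tuples for one user's sendAs entries."""
    findings = []
    for entry in entries:
        addr = entry.get("sendAsEmail", "")
        if addr.rpartition("@")[2].lower() not in relayed_domains:
            continue  # address is outside the domains that must be relayed
        msa = entry.get("smtpMsa")
        if not msa:
            # No relay: mail from this address leaves directly from Google.
            findings.append((user, addr, "no SMTP relay configured"))
            continue
        for key, want in REQUIRED.items():
            got = msa.get(key)
            if isinstance(got, str):
                got = got.lower()
            if got != want:
                findings.append((user, addr, f"{key} is {got!r}, expected {want!r}"))
    return findings

def audit_all(settings_by_user, relayed_domains):
    """Audit every user in the export; users are visited in sorted order."""
    out = []
    for user in sorted(settings_by_user):
        out.extend(audit_user(user, settings_by_user[user], relayed_domains))
    return out

# Constructed sample export: alice is set up correctly, bob is not.
SAMPLE = {
    "alice@mydomain.com": [
        {"sendAsEmail": "alice@mydomain.com",
         "smtpMsa": {"host": "smtp.relay.example", "port": 587,
                     "securityMode": "starttls"}}],
    "bob@mydomain.com": [
        {"sendAsEmail": "bob@mydomain.com"},
        {"sendAsEmail": "bob.alt@mydomain.com",
         "smtpMsa": {"host": "smtp.relay.example", "port": 25,
                     "securityMode": "none"}}],
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE, {"mydomain.com"}):
        print(finding)
```

Comparing each run's findings with the previous run also surfaces users who edited or removed the relay after initial setup.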